[FFmpeg-devel] [PATCH v2] avformat/tls_openssl: fix warnings when openssl is lower version

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Sun Jun 15 06:38:41 EEST 2025 

Jack Lau via ffmpeg-devel:
> api doc: https://docs.openssl.org/1.0.2/man3/BIO_s_mem
> 
> In higher versions (openssl 1.0.2 and higher),
> the function signature is BIO *BIO_new_mem_buf(const void *buf, int len),
> so passing a const string doesn't cause an warnings.
> However, in lower versions of OpenSSL,
> the function signature becomes BIO *BIO_new_mem_buf(void *buf, int len),
> which leads to warnings.
> 
> OpenSSL guarantees that it will not modify the string,
> so it's safe to cast the pem_str to (void *) to avoid this warning.
> 
> Signed-off-by: Jack Lau <jacklau1222 at qq.com>
> ---
>  libavformat/tls_openssl.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
> index 86e8935fee..0a6e5680f4 100644
> --- a/libavformat/tls_openssl.c
> +++ b/libavformat/tls_openssl.c
> @@ -415,7 +415,12 @@ error:
>   */
>  static EVP_PKEY *pkey_from_pem_string(const char *pem_str, int is_priv)
>  {
> -    BIO *mem = BIO_new_mem_buf(pem_str, -1);
> +    BIO *mem = NULL;
> +#if OPENSSL_VERSION_NUMBER < 0x10002000L /* OpenSSL 1.0.2 */
> +    mem = BIO_new_mem_buf((void *)pem_str, -1);
> +#else
> +    mem = BIO_new_mem_buf(pem_str, -1);
> +#endif
>      if (!mem) {
>          av_log(NULL, AV_LOG_ERROR, "BIO_new_mem_buf failed\n");
>          return NULL;
> @@ -445,7 +450,12 @@ static EVP_PKEY *pkey_from_pem_string(const char *pem_str, int is_priv)
>   */
>  static X509 *cert_from_pem_string(const char *pem_str)
>  {
> -    BIO *mem = BIO_new_mem_buf(pem_str, -1);
> +    BIO *mem = NULL;
> +#if OPENSSL_VERSION_NUMBER < 0x10002000L /* OpenSSL 1.0.2 */
> +    mem = BIO_new_mem_buf((void *)pem_str, -1);
> +#else
> +    mem = BIO_new_mem_buf(pem_str, -1);
> +#endif

#if OPENSSL_VERSION_NUMBER < 0x10002000L /* OpenSSL 1.0.2 */
    BIO *mem = BIO_new_mem_buf((void *)pem_str, -1);
#else
    BIO *mem = BIO_new_mem_buf(pem_str, -1);
#endif

would have the advantage that it avoids the useless initialization and
that the old code can be cleanly removed when we drop support for old
versions of openssl. Same for above.

>      if (!mem) {
>          av_log(NULL, AV_LOG_ERROR, "BIO_new_mem_buf failed\n");
>          return NULL;

More information about the ffmpeg-devel mailing list